This statement informs you about how we collect personal data during your use of our website. Any data with a personal reference to you, i.e., name, address, e-mail address, user behaviour, is considered personal data.
1. Name and contact data of the party responsible for processing
This data protection information applies to data processing by:
2. Collecting and storing personal data; type and purpose of their use
(1) When you open our website, the browser used on your end user device automatically sends information to our website’s servers. This information is temporarily stored in a so called log file. In the process, the following information is collected and stored until automatic deletion without your intervention:
• IP address of the querying computer;
• Date and time of your access;
• name and URL of the obtained file;
• website (URL) used for access (so called referrer URL);
• your computer’s browser used and, when necessary, its operating system and the name of your Internet access provider.
(2) We process the above data for the following purposes:
• Ensure the website can connect smoothly;
• Ensure a comfortable user experience on our website;
• Analyse system safety and stability;
• Other administrative purposes.
(3) The legal basis for data processing is Art. 6 Para. 1 Sent. 1 lit. f GDPR. Our legitimate interest results from the data collection purposes listed above. Under no circumstances will we collect data for the purpose of drawing conclusions about you as a person.
3. Forwarding of data
We will not transmit your personal data to third parties for any other purposes than those listed in the following.
We will only forward your personal data to third parties if:
• you have given us your express consent according to Art. 6 Para. 1 Sent. 1 lit. a GDPR;
• forwarding is required according to Art. 6 Para. 1 Sent. 1 lit. f GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an interest, which is predominantly worthy of protection, in not forwarding your data;
• there is a legal obligation according to Art. 6 Para. 1 Sent. 1 lit. c GDPR to forward the data;
• it is legally permitted and required for handling contractual relationships with you according to Art. 6 Para. 1 Sent. 1 lit. b GDPR.
Cookies are used for storing information arising in connection with the end user device in question. This does not mean that they give us direct information about your identity.
Cookies are used, on the one hand, to improve your user experience while visiting our website. We may use so called session cookies to detect that you have visited individual pages of our website. These cookies are automatically deleted after you leave our website.
We also use temporary cookies to optimise our user-friendliness; these cookies are stored on your end user device for a certain pre-defined period. If you revisit our website to use our services or to look for information, we can detect automatically that you are a returning visitor to our website and that we have stored your inputs and settings so you do not have to enter them again.
The data processed by cookies are required for the specified purposes to maintain our legitimate interests and third-party interests according to Art. 6 Para. 1 Sent. 1 lit. f GDPR.
Most browsers automatically accept cookies. You can, however, configure your browser to store no cookies on your computer or to always notify you prior to creating a new cookie. If you fully disable cookies you may not be able to use the entire functionality of our website.
5. Special usage types of websites
a. Use of a contact form
(1) For questions of any kind we offer you the possibility to contact us through a form provided on our website. To that end, you need to enter a valid e-mail address to let us know who sent the query and to enable us to reply to it. You can add more information if you want to.
(2) Data processing for the purpose of contacting us follows Art. 6 Para. 1 Sent. 1 lit. a GDPR on the basis of your voluntary consent.
(3) The personal data we collect in our contact form are automatically deleted after your query has been dealt with.
b. Use of our Web shop
(1) If you want to order from our Web shop we need your personal data to conclude a contract with you and complete your order. Mandatory information for completing the contracts are specially marked; any further information is voluntary. We process your provided data to complete your order. To that end, we are allowed to forward your payment details to our bank; legal basis is Art. 6 Para. 1 Sent. 1 lit. b GDPR.
(2) We forward your data to third parties only if required for rendering the relevant service. For example, your data are transmitted, to the extent required for completing your order, to the shipping agent responsible for the delivery or to the financial services provider responsible for completing the payment. We can assign invoiced receivables to third parties, in particular for refunding or for simplifying our claims management. We would like to point out that in case of assignment, we will, within the legal limits, transmit to third parties the information required for assignment and for asserting the assigned claims.
(3) Addresses of the relevant financial services providers and their privacy statements:
• Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
(4) You are free to create a customer account enabling us to store your data for further purchases. If you create an account we will revocably store your provided data. You can always delete any other data, including your user account, in our customer area.
(5) We are allowed to process your provided data to send you information about other products from our portfolio that may interest you or to e-mail you technical information.
(6) Due to trading and tax regulations we are obligated to store your address, payment details and order data for the duration of ten years. After two years, however, we limit processing so that your data are only used for meeting statutory obligations.
(7) We encrypt the order process by TLS technology or other means to prevent unauthorised third-party access to your personal data.
6. Link to social media via social media plug-ins
(1) Currently, we use the following social media plug-ins: [Facebook, Twitter]. We use the so called two-click solution. If you visit our website, no personal data are forwarded to the plug-in provider at that point. You can recognise the plug-in provider by its mark on the box, its initials or its logo. We give you the opportunity to directly communicate with the plug-in provider by clicking the button. It is only if you click the highlighted box that the plug-in provider is notified that you have accessed its website from our online offering. Furthermore, the data specified in Items 2. to 4. of this statement are transmitted. According to the providers in Germany, IP addresses for Facebook are anonymised immediately after data collection. By enabling the plug-in, your personal data are sent to the plug-in provider and stored there (in case of US providers, your data are stored in the US). As the plug-in provider uses mainly cookies to collect data, we recommend deleting all your cookies from your browser’s security settings prior to clicking the greyed-out box.
Based on Art. 6 Para. 1 Sent 1 lit. f GDPR we use social network plug-ins to publicise our company. The marketing purpose behind this intention is to be considered a legitimate interest as per the GDPR. The provider must ensure compliance with data protection. We integrate these plug-ins using the so called two-click method to protect visitors to our website as best as possible.
(2) We can neither influence what data are collected and how, nor do we know the full extent of the data collection, the purpose of data processing or retention periods. We also have no information about the deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores the data collected about you in user profiles and uses them for advertising and/or to customise their website experience. The purpose of such analyses (even for users who are not logged in) is to display customised advertisements and to inform other users of the social network about your activities on our website. You have a right of objection against creating these user profiles; you must contact the plug-in provider to exercise this right. The plug-ins enable you to interact with the social networks and other users so we can improve our offering and your user experience. The legal basis for the use of plug-ins is Art. 6 Para. 1 Sent. 1 lit. f GDPR.
(4) Data are forwarded regardless of whether you have an account at the plug-in provider and are logged in there. If you are logged in to the plug-in provider your data collected on our website are directly allocated to your account at the plug-in provider. If you click the enabled button and, e.g., link the page, the plug-in provider also stores that information in your user account and publicly shares it with your contacts. We recommend to always log out after using a social network, in particular, however, prior to enabling the button, as this enables you to prevent the data from being allocated to your profile at the plug-in provider.
(5) You can find more information about purpose and scope of the plug-in provider’s data collection and processing in the following privacy statements of said plug-in providers, where you also get more details about your rights and setting options to protect your privacy.
(6) Addresses of the relevant plug-in providers and their privacy statements:
• Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; more information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
• Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(1) We use Facebook social media plug-ins on our website to provide you with a more customised user experience. To that end, we use the LIKE or SHARE buttons. This is a Facebook offering.
After clicking the icon, the plug-in informs Facebook—even if you have no Facebook account or are currently not logged in to Facebook—that your browser has opened the relevant page of our Web presence. This information (including your IP address) is submitted by your browser directly to a Facebook server in the US and stored there.
If you are logged in to Facebook, Facebook can directly allocate your visit on our website to your Facebook account. If you interact with the plug-ins, e.g., click the LIKE or SHARE buttons, this information is also directly transmitted to a Facebook server and stored there. In addition, the information is published on Facebook and also displayed to your Facebook friends.
Facebook can use this information for advertising or market research and to customise Facebook pages. To that end, Facebook creates usage, interest and relationship profiles, e.g., to analyse your use of our website with regard to the advertisements shown to you on Facebook, to inform other Facebook-users about your activities on our website and to render further services associated with using Facebook.
(2) If you do not want Facebook to directly allocate the data collected about our Web presence to your Facebook account you need to log off from Facebook before visiting our website.
(3) For more information about the purpose and scope of the data collection and further processing and use of the data by Facebook and your associated rights and setting options to protect your privacy, please see the privacy statements (https://www.facebook.com/about/privacy/) on Facebook.
(1) Our Internet pages include plug-ins by the short messaging network Twitter Inc. (Twitter). You can recognise the Twitter-plug-in (tweet button) by the Twitter logo on our website. Please see here for an overview of tweet buttons (https://about.twitter.com/resources/buttons).
If you open a page of our Web presence containing such a plug-in, a direct connection is created between your browser and the Twitter server after you click the icon, enabling Twitter to receive the information that you are visiting our website with your IP address. If you click the Twitter “tweet button“ while being logged in to your Twitter account, you can link the content of our pages to your Twitter profile, enabling Twitter to allocate your visit to our website to your user account. We would like to point out that we as the provider of these pages are not informed about the content of the transmitted data or their use by Twitter.
(2) If you do not want Twitter to allocate your visit on our website, log off from your Twitter user account.
(3) For more information, please see Twitter’s privacy statement at (https://twitter.com/privacy).
(1) Our website also uses so called social plug-ins (“plug-ins”) by Instagram, hosted by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).
The plug-ins feature an Instagram logo, e.g., an “Instagram camera”.
If you open a page of our Web presence containing such a plug-in, a direct connection is created between your browser and the Instagram servers after you click the icon. Instagram directly transmits the content of the plug-in to your browser and integrates it with the page. This integration informs Instagram—even if you have no Instagram profile or are currently not logged into Instagram—that your browser has opened the relevant page of our Web presence.
This information (including your IP address) is submitted by your browser directly to an Instagram server in the US and stored there. If you are logged in to Instagram, Instagram can directly allocate your visit on our website to your Instagram account. If you interact with the plug-ins, e.g., click the Instagram button, this information is directly transmitted to an Instagram server and stored there.
The information is also published on your Instagram account and displayed to your contacts there.
(2) If you do not want Instagram to directly allocate the data collected about our Web presence to your Instagram account you need to log off from Instagram before visiting our website.
(3) For more information, please see Instagram’s privacy statement at (https://help.instagram.com/155833707900388).
(1) We have integrated YouTube videos in our online offering. They are stored at http://www.YouTube.com and can be played directly from our website. They are all included in the “extended data protection mode”, i.e., if you do not play the videos, no data about you as a user are transmitted to YouTube. The data specified in (2) are only transmitted once you play the videos. We cannot influence this data transmission.
(2) If you visit our website, YouTube receives the information that you have opened the relevant sub-page of our website. Furthermore, the data specified in this statement are transmitted. It happens regardless of whether YouTube provides a user account where you are logged in, or whether you have no user account. If you are logged in to Google, your data are directly allocated to your account. If you do not want your data to be allocated to your YouTube profile, you need to log out prior to clicking the button. YouTube stores your data in user profiles and uses them for advertising and/or to customise their website experience. The purpose of such analyses (even for users who are not logged in) is to display customised advertisements and to inform other users of the social network about your activities on our website. You have a right of objection against creating these user profiles; you must contact YouTube to exercise this right.
(3) You can find more information about purpose and scope of YouTube’s data collection and processing in YouTube’s privacy statement where you also get more details about your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the US and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
This website uses so called Web fonts for a unified display. These Web fonts are provided by Google. If you open a Web page your Browser loads the required Web fonts into your browser cache to correctly display text and fonts.
To that end, your browser needs to connect to Google servers, enabling Google to find out that your IP address was used to access our website. Google Web fonts are used in the interest of a unified and attractive display of our online offering. This is a legitimate interest in terms of Art. 6 Para. 1 lit. f GDPR.
If your browser does not support Web fonts, your computer’s default font is used. For more information on Google Web fonts, please see https://developers.google.com/fonts/faq and Google’s privacy statement: https://www.google.com/policies/privacy/.
8. Rights of data subjects
You are entitled to the following:
• According to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about processing purposes; the category of personal data; the categories of recipients to whom your data has been or will be disclosed; the planned retention period; the right to rectification, deletion, limitation of processing or objection; the existence of a right of appeal; the source of your data if not collected by us; the existence of automated decision-making, including profiling and, if necessary, to receive meaningful information about their details;
• According to Art. 16 GDPR, to request the prompt correction or completion of your personal data incorrectly stored by us;
• According to Art. 17 GDPR, to request the deletion of your personal data stored by us, unless processing is required (i) to exercise the right to freedom of expression and information; (ii) to fulfil a legal obligation; (iii) for reasons of public interest; or (iv) to assert, exercise or defend legal claims;
• According to Art. 18 GDPR, to request the limitation of processing your personal data if (i) you contest the accuracy of those data; (ii) processing is unlawful but you object to deleting the data; and (iii) we no longer need the data but you need them to assert, exercise or defend a legal right or have filed an objection according to Art. 21 GDPR against processing those data;
• According to Art. 20 GDPR, to retrieve your personal data, which you provided to us, in a structured, common and machine-readable format, or to request that the data have to be transmitted to another responsible person;
• According to Art. 7 Para. 3 GDPR, to revoke your previously given consent against us at any time. As a result, we are no longer allowed to continue data processing, which was based on this consent;
• According to Art. 77 GDPR, to complain to a supervisory authority. In general, you can contact the supervisory authority of your usual place of residence or work or the place of the suspected violation.
9. Right of objection
If your personal data are processed based on legitimate interests according to. Art. 6 Para. 1 Sentence 1 lit. f. GDPR, you have the right according to Art. 21 GDPR to object to the processing of your personal data insofar as there are reasons arising from your particular situation or the objection is directed against direct advertising. In the latter case you have a general right of objection which we implement without specifying any particular situation.
If you want to use your right of revocation or objection, you just need to e-mail us at the address provided on our Legal page.
10. Data security
During visits to our website we use the popular SSL method (Secure Socket Layer) in connection with the highest encryption level supported by your browser. This is normally a 256-bit encryption. If your browser does not support a 256-bit encryption, we will use 128-bit v3 technology instead. A locked key and/or lock icon in your browser’s bottom status bar tells you whether a page of our Internet presence is encrypted while it is transmitted.
We use adequate technical and organisational security measures to protect your data against random or intentional tampering, against partial or full loss, or against unauthorised third-party access. Our security measures are continuously improved in line with technological developments.
11. Current status and amendments to this privacy statement
If we evolve our website or if statutory and/or regulatory stipulations change, it may become necessary to amend this privacy statement. You can access and also print out the latest privacy statement at any time from this website.
You are welcome to contact our office via the contact details provided on our Legal page for questions about collecting, processing and using your data; information, correction, blocking or deletion of data; if you want to revoke a given consent; or for any other questions about data protection.